]> git.kaiwu.me - nginx.git/commit
Charset: fixed another rare buffer overread in recode_from_utf8()
authorSergey Kandaurov <pluknet@nginx.com>
Mon, 1 Jun 2026 17:46:48 +0000 (21:46 +0400)
committerRoman Arutyunyan <arutyunyan.roman@gmail.com>
Wed, 17 Jun 2026 14:40:35 +0000 (07:40 -0700)
commit319a0bff157b15d9061f4712b2edbe6fdd2dee66
tree00d3b57e978cbd9180f44cbf86a40c4fe89b33b8
parent26d824ec3a2f819300edce0ab3b055751c9843ff
Charset: fixed another rare buffer overread in recode_from_utf8()

With prerequisites similar to 696a7f1b9, it was possible to gain 1-byte
overread on invalid UTF-8 sequences.  The reason is ngx_utf8_decode()
stops advancing the pointer position on the first encountered invalid
byte.  The fix is to adjust the advanced pointer up to the whole saved
sequence in this case.  Note that this may result in different output
compared to complete invalid UTF-8 sequences, which we can disregard
at this point.

Reported by Han Yan of Xiaomi and p4p3r of CYBERONE.
src/http/modules/ngx_http_charset_filter_module.c